Field of the Disclosure
The present disclosure relates generally to processing systems and, in particular, to information security in processing systems.
Description of the Related Art
The hardware of a single processor can be used to implement one or more virtual machines (VMs) that emulate separate and independent processors. For example, a processing unit, a memory, and other hardware in a processor together can be used to implement multiple VMs, with each VM functioning as a complete system platform that can execute a complete operating system when it is loaded into the processing unit. The processor implements a hypervisor to partition the hardware among the VMs, e.g., by allocating portions of the memory to the different VMs, loading a VM to run on a processing unit, or handling the VM exit process. The hypervisor isolates the different VMs to protect the security and integrity of the VMs. For example, a conventional hypervisor isolates different VMs from each other by defining separate memory page tables or other logical entities for each VM. However, data associated with the different VMs remains visible to the hypervisor and consequently the hypervisor can become a security vulnerability. Thus, a trust model that allows the VM data to be visible to the hypervisor without restriction is undesirable in certain environments, such as public cloud models where the VM owner does not or cannot trust the hypervisor and cloud environment. For example, an unscrupulous user may be able to identify flaws or bugs in the hypervisor that allow the user to modify and control operation of the hypervisor or other VMs on the processing system, which may expose private data stored for the other VMs.